1 Answer
1

Quite often you will have multiple UI forms for the same data, and you would have to code your AccessControls into all of them. Making updates would also be more time consuming and prone to errors as you'd have to remember to update every form that references that data when a change occurs.

If you decide to make another version of the application in another framework, such as a web version of a desktop app, you would have to re-create all your AccessControls for the new UI. If the AccessControls were in the DAL, you just need to hookup to your DAL and create your UI.

Without AccessControls on the DAL you open up a bunch of security holes. If someone can bypass your UI they have access to all your data